Files mysteriously disappearing from external drive ???

Page 1 of 3 123 LastLast

  1. Posts : 30
    7 64 bit
       #1

    Files mysteriously disappearing from external drive ???


    Hi all

    Glad I found this forum. Hoping one of you uber smart people can help me figure out wtf is going on in my computer. Long story short: I have a Seagate external drive hooked up. I back all my data up to it. The other day I accessed it and to my shock ALL FILES were gone. Poof. We're talking thousands of files. Weird though, the folder structure/tree was still completely in tact!! Every folder is there, it's just the files that are gone. I used Recuva This and got about 60% of it back. The other 40% is gone forever I guess. Very sad as there were about 500 family images that we lost.

    Anyway, I add more files to this drive about three days ago to test. Sure enough they TOO are gone now but their folders are still there! Ugh! Important to note these files are NOT going to the recycle bin for some reason. They are just being zapped from the drive somehow.

    SOMETHING/SOMEONE is making my files disappear. This drive is NOT being shared on the network. I ran scan disk and no errors were found. Here is my HT log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 2:56:07 PM, on 1/31/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal
     
    Running processes:
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\LivePerson\Expert\LPExpertMessenger.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal  Edition\apcsystray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =  Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet  Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
    O1 - Hosts: ::1 localhost
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208}  - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} -  C:\Program Files (x86)\Adobe\/Adobe Contribute  CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -  C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper -  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper -  {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: IE Developer Toolbar BHO -  {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files  (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} -  C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar -  {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files  (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} -  C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common  Files\Intuit\Sync\IntuitSyncManager.exe  startup
    O4 - HKLM\..\RunServices: [Nod42 Service] nod143.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe  /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Speech Recognition]  "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files  (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows  Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin]  C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows  Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin]  C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: LivePerson Expert Messenger.lnk = C:\Program Files  (x86)\LivePerson\Expert\LPExpertMessenger.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O8 - Extra context menu item: Append Link Target to Existing PDF -  res://C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program  Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF -  res://C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program  Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -  res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -  C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -  C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote -  {2670000A-7350-4f3c-8081-5663EE0C6C49} -  C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote -  {2670000A-7350-4f3c-8081-5663EE0C6C49} -  C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: IE Developer Toolbar -  {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files  (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix: 
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -  C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} -  C:\Program Files (x86)\Intuit\QuickBooks  2009\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  mscoree.dll (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files  (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated -  C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue  CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner  - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files  (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation -  C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files  (x86)\Common Files\Apple\Mobile Device  Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -  C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file  missing)
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. -  C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. -  C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. -  C:\Program Files (x86)\AVG\AVG9\Identity  Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown  owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown  owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. -  C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet  Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. -  C:\Program Files\Common Files\Macrovision Shared\FLEXnet  Publisher\FNPLicensingService64.exe
    O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner -  C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision  Corporation - C:\Program Files (x86)\Common  Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program  Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -  C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files  (x86)\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -  C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files  (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) -  Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner -  C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage)  - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files  (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. -  C:\Program Files (x86)\Common  Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) -  Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown  owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) -  Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown  owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown  owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -  Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) -  Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner  - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown  owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -  Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -  Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101  (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media  Player\wmpnetwk.exe (file missing)
    Last edited by Airbot; 31 Jan 2010 at 18:58.
      My Computer


  2. Posts : 112
    7
       #2

    Do you use a proxy server to connect to the net?

    If not then it looks like you could be infected and may not be able to connect to certain security sites.

    You could try a quick scan with Malwarebytes Antimalware - update first and delete what it finds.

    A second opinion scan with Hitman Pro wouldn't hurt.

    |MG| Malwarebytes Anti-Malware 1.44 Download

    Hitman Pro 3 - SurfRight
      My Computer


  3. Posts : 30
    7 64 bit
    Thread Starter
       #3

    I don't follow. I am not having trouble connecting to any security sites. What makes you think I am having trouble connecting to them?

    I have tried scanning for viruses. Nothing comes up

    Help

    I am really worried
      My Computer


  4. Posts : 112
    7
       #4

    The setting below from your HJT log may indicate a hijack or it could be a left over from a previous infection.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    Have you scanned with Malwarebytes?
      My Computer


  5. Posts : 13,354
    Windows 7 Professional x64
       #5

    I had that happen to a thumb drive. It was just another one of the signs that told me my drive was going bad.

    I would strongly advice downloading Seagate's SeaTools and scanning your drive.
      My Computer


  6. Posts : 30
    7 64 bit
    Thread Starter
       #6

    Yes I ran Malware Bytes on quick scan. I am now doing full scan. What does that registry key you included tell you? Does that mean my PC is being hijacked?

    I DL"d SeaTools and have run all tests and the drive passes them all so far. Running the Long Test now. Seems ok though
      My Computer


  7. Posts : 30
    7 64 bit
    Thread Starter
       #7

    Also did you notice the nod143.exe entry in my HJT file? I just read that is a virus. I had HJT delete it. Not sure if that is the issue though.

    Should I remove the proxy thing you referenced?
      My Computer


  8. Posts : 112
    7
       #8

    I would wait till one of the experts over at Bleeping replies to your post but it seems to me that you just may have an infection present.

    You can copy and paste your HJT log for an online analysis below as a guide but I would wait for one of the experts to respond over at Bleep.

    HijackThis Logfileauswertung

    Windows process and HijackThis log tool bv1.5c
      My Computer


  9. Posts : 30
    7 64 bit
    Thread Starter
       #9

    Ok I will keep my eye on the bleepingcomputers.com thread. Nothing back yet. I have posted in multiple forums across the web and this is the only one that has yielded a response.
      My Computer


  10. Posts : 20
    Windows 7 Pro
       #10

    Hi

    The R1 entry is nothing to worry about however the nod143.exe entry is.

    Information at >Threat Expert<

    Malwarebytes' Anti-Malware
    Please go here: Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com and download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from >here< and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Select "Perform Full Scan" then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that all items are ticked/checked except items in the C:\System Volume Information folder and click on Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Thanks
    Vino
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:37.
Find Us